|
Author: matthew72
Date: 02-03-12 23:36
I think this is the datacenter console logged into my server. I'd like to kick them off but each time it says no matching process and who -u lists "old" as the process number.
Could this be some kind of hacker?
How can I log offer ttyv0? It's been logged in for 4-5 days.
======================================
# who
root ttyv0 Feb 28 03:05
root ttyp0 Mar 2 15:07 (my.ip.number.here)
# who -u
root ttyv0 Feb 28 03:05 old
root ttyp0 Mar 2 15:07 . (my.ip.number.here)
# ps x | grep ttyv0
52970 p0 R+ 0:00.00 grep ttyv0
# killall -9 52970
No matching processes were found
# ps x | grep ttyv0
52989 p0 R+ 0:00.00 grep ttyv0
# killall -9 52989
No matching processes were found
vit1# ps x | grep ttyv0
52993 p0 R+ 0:00.00 grep ttyv0
# killall -9 52993
No matching processes were found
|
|
Reply To This Message
|
|
Author: Dan
Date: 02-03-12 23:47
matthew72 wrote:
> I think this is the datacenter console logged into my server.
> I'd like to kick them off but each time it says no matching
> process and who -u lists "old" as the process number.
>
> Could this be some kind of hacker?
>
> How can I log offer ttyv0? It's been logged in for 4-5 days.
>
> ======================================
>
> # who
> root ttyv0 Feb 28 03:05
> root ttyp0 Mar 2 15:07 (my.ip.number.here)
> # who -u
> root ttyv0 Feb 28 03:05 old
> root ttyp0 Mar 2 15:07 .
> (my.ip.number.here)
> # ps x | grep ttyv0
> 52970 p0 R+ 0:00.00 grep ttyv0
That is grep.
Try ps -auwx | grep ttyv0
> # killall -9 52970
> No matching processes were found
That's because you're trying to kill grep, which has already terminated.
--
Webmaster
|
|
Reply To This Message
|
|
Author: matthew72
Date: 02-03-12 23:56
# ps -auwx | grep ttyv0
root 54241 0.0 0.0 1632 852 p0 R+ 3:43PM 0:00.00 grep ttyv0
# killall -9 54241
No matching processes were found
# killall -9 1632
No matching processes were found
# killall -9 852
No matching processes were found
#
|
|
Reply To This Message
|
|
Author: Dan
Date: 02-03-12 23:57
Still, you are seeing only the grep process. Thus, there is no process to kill
--
Webmaster
|
|
Reply To This Message
|
|
Author: matthew72
Date: 03-03-12 00:05
I realize I'm not a professional system administrator.
Does anyone know how to kick off that root user that's been on my system for 5 days?
|
|
Reply To This Message
|
|
Author: matthew72
Date: 03-03-12 10:11
SOLVED:
# pkill -KILL -u root
Connection to my.ip.number.here closed by remote host.
Connection to my.ip.number.here closed.
|
|
Reply To This Message
|
|
Author: Dan
Date: 03-03-12 20:14
Yeah, that kills your own connection too.. but there you go.
--
Webmaster
|
|
Reply To This Message
|
|
